Channels

Services

Facebook closes spamming hole

Facebook has closed a vulnerability that spammers were exploiting at the beginning of the week to send out unsolicited spam emails. All Facebook users had to do was click on a link in a message from another user to automatically send spam messages to all of their friends.

The emails claimed, for instance, to concern a lottery at Walmart and contained a link purporting to be from a Facebook app. CNET says that, when the link was clicked on, spammers used a cross-site request forgery (CSRF) hole in the launched Facebook app in order to send out emails without requiring any further intervention by the user.